diff options
Diffstat (limited to 'doc/tips')
-rw-r--r-- | doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn | 61 | ||||
-rw-r--r-- | doc/tips/laptop_wiki_with_git/discussion.mdwn | 5 |
2 files changed, 66 insertions, 0 deletions
diff --git a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn new file mode 100644 index 000000000..58940b89f --- /dev/null +++ b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn @@ -0,0 +1,61 @@ +One may want to provide ikiwiki hosting with [[rcs/git]]+ssh access and web +server located at different hosts. Here's a description for such +a setup, using password-less SSH as a way of communication between +these two hosts. + +Git server +========== + +Let's create a user called `ikiwiki_example`. This user gets SSH +access restricted to GIT pull/push, using `git-shell` as a shell. + +The root (bare) repository: + +- is stored in `~ikiwki_example/ikiwiki_example.git` +- is owned by `ikiwiki_example:ikiwiki_example` +- has permissions 0700 + +The master repository's post-update hook connects via SSH to +`webserver` as user `ikiwiki_example`, in order to run +`~/bin/ikiwiki.update` on `webserver`; this post-update hook, located +in `~ikiwki_example/ikiwiki_example.git/hooks/post-update`, is +executable and contains: + + #!/bin/sh + /usr/bin/ssh ikiwiki_example@webserver bin/ikiwiki.update + +Password-less SSH must be setup to make this possible; one can +restrict `gitserver:ikiwiki_example` to be able to run only the needed +command on the web server, using such a line in +`webserver:~ikiwiki_example/.ssh/authorized_keys`: + + command="bin/ikiwiki.update",from="gitserver.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ... + +Web server +========== + +Let's create a user called `ikiwiki_example` on `webserver`. She needs +to have write permission to the destination directory. + +The working tree repository (`srcdir`): + +- is stored in `~ikiwki_example/src` +- is owned by `ikiwiki_example:ikiwiki_example` +- has permissions 0700 +- has the following origin: `ikiwiki_example@gitserver:ikiwiki_example.git` + +The CGI wrapper is generated with ownership set to +`ikiwiki_example:ikiwiki_example` and permissions `06755`. + +Password-less SSH must be setup so that `ikiwiki_example@webserver` is +allowed to push to the master repository. As told earlier, SSH access +to `ikiwiki_example@gitserver` is restricted to GIT pull/push, which +is just what we need. + +The Git wrapper is generated in `~ikiwiki_example/bin/ikiwiki.update`: + + git_wrapper => '/home/ikiwiki_example/bin/ikiwiki.update' + +As previously explained, this wrapper is run over SSH by the master +repository's post-update hook; it pulls updates from the master +repository and triggers a wiki refresh. diff --git a/doc/tips/laptop_wiki_with_git/discussion.mdwn b/doc/tips/laptop_wiki_with_git/discussion.mdwn index 234833ca7..6ce72ae7b 100644 --- a/doc/tips/laptop_wiki_with_git/discussion.mdwn +++ b/doc/tips/laptop_wiki_with_git/discussion.mdwn @@ -5,3 +5,8 @@ Or, was this last remark about rebuilding after pulling meant to apply to rebuil [[DavidBremner]] * *Updated* Now that I play with this a bit, this seems not so important. Having a seperate sync operation that I run from the laptop is no big deal, and lets me update the parts of my site not yet managed by ikiwiki at the same time. + +* Ok, I have finally finished to set this up. I have a question for you :) Is it mandatory to have a locally running webserver on the laptop ? I mean, do I need to setup the CGI wrapper on the laptop ? Is it possible to just add/edit/delete/whatever, git commit all the stuff and git push back to the server ? Thank you. --[[xma]] + +> Of course you don't need a web server on the laptop. It is useful for +> previewing pages before publishing them though. --[[Joey]] |